AI Security Review
scanned 5d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates AI-agent control files during npm postinstall. It installs Claude hook/config surfaces into the consumer project without an explicit user command.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/npm-install.js --auto
- scripts/npm-install.js uses INIT_CWD/process.cwd as TARGET, not package dir
- postinstall recursively copies core/hooks, core/commands, core/agents, core/rules, core/scripts, core/gates into TARGET/.claude
- postinstall also writes .claude-plugin/plugin.json and marketplace.json into the installing project
- copied .claude-plugin/hooks/hooks.json defines Claude hook commands for UserPromptSubmit, PreToolUse, PostToolUse, Stop
- hooks include async rewake audit hook and tool interception/control surface changes
- No credential harvesting or exfiltration found in installer
- No network calls in scripts/npm-install.js
- telemetry-sender.sh writes local .yana/telemetry.jsonl only
- scripts/yana-rt-wrapper.js only execFileSyncs user-invoked yana-rt candidates
- gitnexus-hook.js uses spawnSync without shell:true and mostly augments search context
- Package purpose is AI-agent safety hooks, so many hook files are thematically aligned
Source & flagged code
25 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
core/hooks/gitnexus-hook.jsView on unpkg · L15Package source invokes a package manager install command at runtime.
core/hooks/gitnexus-hook.jsView on unpkg · L127Package source references dynamic require/import behavior.
core/gates/structured-output-validator.jsView on unpkg · L7Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/npm-install.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
core/gates/identity-gate.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude-plugin/hooks/yana-audit-rewake.shView on unpkgHardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L116Hardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L155Hardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L168Hardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L174Hardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L175Hardcoded password in core/agents/test-engineer.md
core/agents/test-engineer.mdView on unpkg · L188Hardcoded password in core/commands/api-scaffold.md
core/commands/api-scaffold.mdView on unpkg · L1540Hardcoded password in core/commands/test-harness.md
core/commands/test-harness.mdView on unpkg · L1197Hardcoded password in core/commands/test-harness.md
core/commands/test-harness.mdView on unpkg · L1235Hardcoded password in core/commands/test-harness.md
core/commands/test-harness.mdView on unpkg · L1251Hardcoded password in core/commands/test-harness.md
core/commands/test-harness.mdView on unpkg · L1277Hardcoded password in core/commands/test-harness.md
core/commands/test-harness.mdView on unpkg · L1298Hardcoded password in core/commands/db-migrate.md
core/commands/db-migrate.mdView on unpkg · L1401Hardcoded password in core/commands/db-migrate.md
core/commands/db-migrate.mdView on unpkg · L1411Hardcoded password in core/commands/config-validate.md
core/commands/config-validate.mdView on unpkg · L688Hardcoded password in core/commands/config-validate.md
core/commands/config-validate.mdView on unpkg · L701Hardcoded password in core/commands/config-validate.md
core/commands/config-validate.mdView on unpkg · L715